Bug #819
closedspawn-fcgi processes ignore user's other groups
Description
I have observed the following behaviour with spawn-fcgi...
http://lists.edgewall.com/archive/trac/2006-August/009484.html
It seems that spawn-fcgi processes are restricted to the user's default group (or the group specified with -g or both - not sure) but in any case, the user's other groups are totally ignored. In the above example, the trac user is a member or the subversion group but a permissiod denied error is received when trying to access the Subversion repository, despite the correct permissions being set.
I have a feeling this might be related to bug #78. By the look of the changeset, the change was only applied to server.c and not spawn-fcgi.c as well.
-- chewi
Updated by Anonymous over 17 years ago
Ah I see that change was added later. Something's still not right then.
Updated by Anonymous over 17 years ago
I've been experiencing the same thing. From looking at the code, I'd say it should work. But it doesn't for me.
-- Matthijs Kooijman <m.kooijman
Updated by stbuehler over 15 years ago
- Status changed from New to Fixed
- Resolution set to wontfix
If you specify user and group it should work (initgroups need username and group id).
Updated by Anonymous over 15 years ago
So are you saying that it is correct that only the exact user and group you specify (and not any other groups that user may be in) should apply? That doesn't seem right to me. I have since found that you can work around the problem by starting spawn-fcgi via sudo instead since that does respect the user's other groups.
Updated by stbuehler about 15 years ago
- Project changed from Lighttpd to spawn-fcgi
- Category deleted (
mod_fastcgi)
Updated by stbuehler about 15 years ago
- Status changed from Wontfix to Fixed
Fixed in r13 (uses default user group as group; if you choose a different group, the spawned process will probably not have its default group in the group list).
Also available in: Atom